Application Security - Veracomp · BIG-IP Application Security Manager Secure response delivered...
Application Security
Rafal Chrusciel, Senior Security Operations Analyst, F5 Networks
Agenda
• Who are we?
• Anti-Fraud
• F5 Silverline DDOS protection
• WAFaaS
• Threat intelligence & malware research
• Publications
F5 SOC Organization
Vice-President
Managers
Customer Engagement Managers
Architects
DDOS Analysts
WAF Analysts
Anti-Fraud Analysts
Malware Analysts
Locations: Seattle, Warsaw, Tel-Aviv
F5 SOC Milestones
• 2013
  • Versafe acquisition
• 2014
  • F5 WebSafe release
  • Seattle SOC launch
  • Defense.net acquisition
  • F5 Silverline Volumetric DDoS release
• 2015
  • Warsaw SOC launch
  • F5 Silverline Web Application Firewall release
• 2017
  • F5 Silverline WAF Express release
• Delivering 3 SOC services 24x7x365 – Silverline DDoS mitigation, Silverline WAFaaS, Anti Fraud services
Unlimited Expert Malware Analysis
Assess damage, understand attackers and resolve vulnerabilities
• Analyzes any malware submitted, including that detected by F5 Web Fraud Protection solutions
• Investigates and reports on malware, including components, attributes, target, controls, purpose, etc.
• Discovers indicators of compromise
• Identifies source and level of sophistication
• Helps prevent future malware attacks and eliminate risks associated with analyzing malware
• Includes C&C shutdown services, and WebSafe C&C drop zone investigation
Specialized researchers and analysts at your service
Always available 24x7
Malware Analysis Team
BIG-IP Fraud Protection Service
[Diagram labels: Online Users, Internet, Organization's DMZ, Web Application, Alert Server (cloud or on-premise), WebSafe components via F5 iRules]
Mirai – DNS Water Torture
[Diagram labels: IoT bot, blabla.victim.com, ISP's DNS server, authoritative DNS servers (each marked "Unresponsive")]
DDoS Future
ImgSource: http://vavatech.pl/technologie/mobilne/android
ImgSource: http://www.business2community.com/big-data/internet-things-iot-going-impact-business-01572401#EcT94ktBwj7BZPYh.97
BIG-IP® Application Security Manager™
• Highest scaling & most flexible solution that provides transparent protection from ever-changing threats
• Best DAST integration & virtual patching to reduce risks from vulnerabilities
• Deploys as a full proxy or transparent full proxy (bridge mode)
• Industry's best bot detection measures
• Secures against the OWASP Top 10
[Diagram: BIG-IP Local Traffic Manager and BIG-IP Application Security Manager in front of a vulnerable application. Labels:]
• Request made
• BIG-IP ASM security policy checked
• Drop, block or forward request
• Server response generated
• BIG-IP ASM applies security policy
• Secure response delivered
• Application attack filtering & inspection
• SSL, TCP, HTTP DoS mitigation
• Response inspection for errors and leakage of sensitive information
WAF as a Service
F5 security experts proactively monitor and fine-tune policies to protect web applications and data from new and emerging threats.
• Expert policy setup
• Policy fine-tuning
• Proactive alert monitoring
• False positives tuning
• Detection tuning
• Whitelist / Blacklist Set up and monitoring
Availability & Support
Expert Policy Setup and Management
Active Threat Monitoring
F5 Security Operations Center
Effective Policy Management
Step 1: Deployment Phase
Step 2: Building Phase
Step 3: Learning Phase
Step 4: Enforcement Phase
Step 5: Continual Tuning
• Onboarding call is scheduled
• Set up an account
• Agree to an implementation plan
• Create a proxy environment for the application
• Analyze your applications
• Live traffic feeds ASM policy builder
• SOC tunes policies based on resolutions of WAF Violation Logs
• Virtual patching via VA/DAST scans
• Enforcement call scheduled between customer and SOC
• Maintenance window is established
• Monitoring for false positives
• Follow-up call scheduled to obtain customer sign-off
• Continual tuning based on WAF Violation Logs resolution
• Periodic calls with customer
• Repeat Steps 2-5 as changes are made to the application
• Create and enable baseline policy for basic top security threats
• SOC analyzes app for security tuning per customer specifications
Silverline WAF Express
• Predefined policies for different technologies
• Whitelisting available
• Low number of false positives
• F5 SOC expertise during deployment phase